A school website system there is a file include vulnerability-the ASP language practical auditing-vulnerability warning-the black bar safety net

ID MYHACK58:62201457513
Type myhack58
Reporter 佚名
Modified 2014-12-31T00:00:00


From the official site to download the latest system~ Then with a small cyclone to build local asp environment.

In the review of this file. Saw the beginning of the 1-2 line <!--# include file="inc/config. asp" - > <!--# include file="inc/conn. asp" - >there's a file contains. Then I looked under the inc/conn. asp this file is a full file of only 5 lines of code

  1. <span class="pun"><%</span><span class="pln">

  2. db</span><span class="pun">=</span><span class="str">"data/Xiao5u. mdb"</span><span class="pln">

  3. </span><span class="typ">Set</span><span class="pln"> conn </span><span class="pun">=</span><span class="pln"> </span><span class="typ">Server</span>< span class="pun">.& lt;/span><span class="typ">CreateObject</span><span class="pun">(</span><span class="str">"ADODB. Connection"</span><span class="pun">)</span><span class="pln">

  4. conn</span><span class="pun">.& lt;/span><span class="typ">Open</span><span class="pln"> </span><span class="str">"driver={Microsoft Access Driver (*. mdb)};pwd=xiao5u;dbq="</span><span class="pln"> </span><span class="pun">&</span><span class="pln"> </span><span class="typ">Server</span><span class="pun">.& lt;/span><span class="typ">MapPath</span><span class="pun">(</span><span class="pln">db</span><span class="pun">)</span><span class="pln">

  5. %></span>

_ Copy the code _

[1] [2] [3] next